Writing to a sysctl file that uses proc_dointvec_minmax, like user/max_uts_namespaces, a larger than 32-bit value won't cause an error as expected but instead will zero its value:

    # echo 214748364800000 > max_uts_namespaces
    # cat max_uts_namespaces
    0
This patch fixes it.

Signed-off-by: Aristeu Rozanski <a...@redhat.com>
Cc: "Luis R. Rodriguez" <mcg...@kernel.org>
Cc: Kees Cook <keesc...@chromium.org>

diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 4ac9b9a..243f277 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -2486,7 +2486,8 @@ static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp, if (write) { int val = *negp ? -*lvalp : *lvalp; if ((param->min && *param->min > val) || - (param->max && *param->max < val)) + (param->max && *param->max < val) || + *lvalp >> (sizeof(int) * 8)) return -EINVAL; *valp = val; } else {
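
Review bot: the added test "*lvalp >> (sizeof(int) * 8)" in do_proc_dointvec_minmax_conv() only rejects values of 2^32 and above, so a write between 2^31 and 2^32 - 1 still passes it and is truncated to a negative number by "int val = *negp ? -*lvalp : *lvalp;". When param->min is NULL, or points to a negative minimum, that negative value reaches "*valp = val". The shift count is also equal to the width of unsigned long on 32-bit builds, where the result of such a shift is undefined. Checking *lvalp against INT_MAX (and against (unsigned long)INT_MAX + 1 when *negp is set) before val is computed would cover both cases without a shift, and a short comment above the check saying that it guards the unsigned long to int conversion would help the next reader.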